PCI DSS v3.2 and the Penetration Testing Requirements for Service Providers

In April 2016, the Payment Card Industry Security Standards Council (PCI SSC) released PCI Data Security Standard (PCI DSS) version 3.2.  With the updates came clarification to requirements, additional guidance, and the additional seven new requirements. Continue reading “PCI DSS v3.2 and the Penetration Testing Requirements for Service Providers”

PCI Security Standards Council Releases New Information Supplement on Cloud Computing

In February the PCI Security Standards Council (the “Council”) released a new information supplement related to the application of the Payment Card Industry Data Security Standards (“PCI DSS”) requirements in the Cloud. The goal of the information supplement is to assist Merchants and Cloud Service Providers (“CSP”) maintain PCI DSS compliant environments and also to guide the Qualified Security Assessors (“QSA”) that are tasked with performing the validation assessments. Continue reading “PCI Security Standards Council Releases New Information Supplement on Cloud Computing”